Interview for Apple Identity and Access Management (IAM) Software Engineer in Bethesda, MD
- Support the NIHAuthPlugin (an open source project to enforce PIV login on Macintosh computers)
- Support non-PIV two-factor authentication alternatives
- Provide Mac security engineering support, e.g., pen-test scenarios involving Macs in the enterprise
- Provide support for solutions to meet other NIH enterprise and IC-specific needs, e.g., tools and engineering advice to Institutes and Centers (ICs) that lack Mac expertise
- Develop iOS apps, as needed
- Provides recommendations to infuse new technology
- Develops design artifacts
- Collaborates with PMs/Users/Business Analysts (BAs) to comprehend requirements, evaluate alternatives, and establish timelines
- Master’s degree and 10+ years’ experience in the IT field (or equivalent combination of education and experience)
- 3+ Years’ experience working with Apple/Macintosh
- Knowledge of OS X’s authorization APIs
- In-depth Objective-C knowledge
- C / C++ and Swift knowledge for supporting surrounding frameworks
- OS X System Python knowledge for installer scripts
- Issue tracking and version controls with git
- In-depth understanding of Public Key Infrastructure (PKI)
- Mobile app development that could assist NIH in systems / security functions
- Excellent English written and oral communication.
Who has the authority to appoint an IAM (ISSM)
Who has the authority to appoint an Information Assurance Manager (IAM)/Information Security Security Manager?
An IAM (Information Assurance Manager) is now called an Information System Security Manager (ISSM). The program manager, system manager or component commanders appoints the Information security security manager in writing.
According to DoD 8510.01, Risk Management Framework it is the Program Manager/System Manager who appoints the ISSM for each assigned Information System or PIT system with the support, authority, and resources to satisfy the responsibilities established in this instruction.
In the Department of Navy, Information System Security Manager is appointed by Program Executive Offices, Systems Commands – According to SECNAV, 5239.2
The Army currently uses AR 25-2, Information Assurance (being replaced). The Information Assurance Program Manager (IAPM) appoints the IAM 3-2.
IAM. Appoint IAMs at all appropriate levels of command. This includes subordinate commands, posts, installations, and tactical units. Appoint an IAM as needed for those Army activities responsible for project development, deployment, and management of command-acquired software, operating systems, and networks. A contractor will not fill the MSC, installation, or post IAM positions and the person filling the position will be a U.S. citizen.
Info assurance is a comprehensive approach to information security. It included risk management, information protection, operational risk, business risk, assurance technology and much more.
More on “What is Info Assurance”?
Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storing and/or transmission of data. Information assurance is used as a more complete approach to information security.
Since Info Assurance covers all aspects of the security, all individuals with internal access to an organizations critical access must get info assurance awareness training. Info Assurance is not just about turning on and configuring Assurance technology, but informing and educating those how have internal access to your system.
Info Assurance has its own complete common body of knowledge, industry, career path and degree programs accepted by the National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency.
By becoming an info assurance specialist you can get work in many parts of the DoD including USAF, US Army, Department of the Navy and many other agencies. But IA jobs expect specific certification(s), experience and degree. The IA qualifications come from DoDD 8570 which is being replaced with DoDD 8140. There are lots of titles that are considered within IA: System Security Engineer, Info Assurance Analyst, Info Assurance Specialist, Info Assurance Subject Matter Expert (SME), Risk Analyst IT, and many others.